sops: various improvements and tests #607
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pjbgf
reviewed
Mar 31, 2022
pjbgf
reviewed
Mar 31, 2022
hiddeco
force-pushed
the
sops-keyservice-imprv
branch
from
de35490
to
886918d
Compare
hiddeco
force-pushed
the
sops-keyservice-imprv
branch
19 times, most recently
from
563d732
to
61c2761
Compare
hiddeco
force-pushed
the
sops-keyservice-imprv
branch
6 times, most recently
from
14c5a6b
to
2b71a70
Compare
These bits of code have a history of accidents around the fallback behavior. By simplifying it, the fallback should generally always work, unless you put in instructions to take another route. Signed-off-by: Hidde Beydals <hello@hidde.co>
This ensures data used for decryption is not exposed widely after constructing the Server, and prevents a bypass to the default server fallback. Signed-off-by: Hidde Beydals <hello@hidde.co>
Signed-off-by: Hidde Beydals <hello@hidde.co>
Signed-off-by: Hidde Beydals <hello@hidde.co>
This ensures we signal early that we will be unable to fulfill the request, instead of letting the underlying keysource implementation run into mayhem. Which can be problematic for e.g. PGP, which has assumptions about things being located relative to the given home directory, resulting in possible unexpected behavior if an empty path is given. Signed-off-by: Hidde Beydals <hello@hidde.co>
Signed-off-by: Hidde Beydals <hello@hidde.co>
This revises the PGP keysource implementation, removing bits of code that were not actually in use, or not viable in combination with how we work with keys. In short: - crypto/openpgp implementation has been removed. As it is unable to read the keystore created by newer versions of GnuPG. Given we import user provided keys _with_ GnuPG, this was basically dead code. - All capabilities around fetching public keys from a server have been removed. - "Jailing" of GnuPG shell-out is now handled in `gpgExec`, in addition, arguments for encrypt and decrypt execs have been revised to ensure they e.g. do not instruct to use the agent. Signed-off-by: Hidde Beydals <hello@hidde.co>
Signed-off-by: Hidde Beydals <hello@hidde.co>
This adds a new GnuPGHome type which can be used to create a new contained GnuPG home directory. The type is self-validating, ensuring it adheres to e.g. permission rules set out by GnuPG, and allows for importing keys from armored bytes and files. Because of this introduction, the decryptor service no longer has to write data from a Secret to a temporary file, but is instead able to directly import them into the keyring from the Secret entry's bytes. Signed-off-by: Hidde Beydals <hello@hidde.co>
hiddeco
force-pushed
the
sops-keyservice-imprv
branch
from
2aecad8
to
fccd992
Compare
hiddeco
force-pushed
the
sops-keyservice-imprv
branch
from
b148bba
to
73aead4
Compare
pjbgf
reviewed
Apr 5, 2022
pjbgf
reviewed
Apr 5, 2022
This adds a new ParsedIdentities type which can be used to parse a set of age identities just once, instead of parsing them for every Decrypt request. Signed-off-by: Hidde Beydals <hello@hidde.co>
This adds a new Token type which can be used to configure an azcore.TokenCredential on a master key. Due to this introduction, the server only has to go through the AADConfig once. Signed-off-by: Hidde Beydals <hello@hidde.co>
Signed-off-by: Hidde Beydals <hello@hidde.co>
Signed-off-by: Hidde Beydals <hello@hidde.co>
hiddeco
force-pushed
the
sops-keyservice-imprv
branch
from
73aead4
to
bf4cefe
Compare
pjbgf
approved these changes
Apr 5, 2022
Merged
Signed-off-by: Hidde Beydals <hello@hidde.co>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR revises the SOPS keysource implementations, removes dead code, and adds tests.